diff mbox series

[5/5] drm/mediatek: Fix dereference before null check

Message ID 20230407064657.12350-6-jason-jh.lin@mediatek.com (mailing list archive)
State New, archived
Headers show
Series Fix mediatek-drm coverity issues | expand

Commit Message

Jason-JH.Lin April 7, 2023, 6:46 a.m. UTC
Null-checking state suggests that it may be null, but it has already
been dereferenced on drm_atomic_get_new_plane_state(state, plane).

The parameter state will never be NULL currently, so just remove the
state is NULL flow in this function.

Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
Fixes: 5ddb0bd4ddc3 ("drm/atomic: Pass the full state to planes async atomic check and update")
---
 drivers/gpu/drm/mediatek/mtk_drm_plane.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

Comments

CK Hu (胡俊光) June 12, 2023, 9:10 a.m. UTC | #1
Hi, Jason:

On Fri, 2023-04-07 at 14:46 +0800, Jason-JH.Lin wrote:
> Null-checking state suggests that it may be null, but it has already
> been dereferenced on drm_atomic_get_new_plane_state(state, plane).
> 
> The parameter state will never be NULL currently, so just remove the
> state is NULL flow in this function.
> 
> Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> Fixes: 5ddb0bd4ddc3 ("drm/atomic: Pass the full state to planes async
> atomic check and update")
> ---
>  drivers/gpu/drm/mediatek/mtk_drm_plane.c | 9 ++-------
>  1 file changed, 2 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> index a1337f386bbf..e14b2920d242 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> @@ -103,8 +103,7 @@ static void mtk_drm_plane_destroy_state(struct
> drm_plane *plane,
>  static int mtk_plane_atomic_async_check(struct drm_plane *plane,
>  					struct drm_atomic_state *state)
>  {
> -	struct drm_plane_state *new_plane_state =
> drm_atomic_get_new_plane_state(state,
> -									
> 	 plane);
> +	struct drm_plane_state *new_plane_state =
> drm_atomic_get_new_plane_state(state, plane);

This is not related to this patch, so move to another patch.

Regards,
CK

>  	struct drm_crtc_state *crtc_state;
>  	int ret;
>  
> @@ -122,11 +121,7 @@ static int mtk_plane_atomic_async_check(struct
> drm_plane *plane,
>  	if (ret)
>  		return ret;
>  
> -	if (state)
> -		crtc_state = drm_atomic_get_existing_crtc_state(state,
> -								new_pla
> ne_state->crtc);
> -	else /* Special case for asynchronous cursor updates. */
> -		crtc_state = new_plane_state->crtc->state;
> +	crtc_state = drm_atomic_get_existing_crtc_state(state,
> new_plane_state->crtc);
>  
>  	return drm_atomic_helper_check_plane_state(plane->state,
> crtc_state,
>  						   DRM_PLANE_NO_SCALING
> ,
Jason-JH.Lin June 13, 2023, 9:05 a.m. UTC | #2
Hi CK,

Thanks for the reviews.

On Mon, 2023-06-12 at 09:10 +0000, CK Hu (胡俊光) wrote:
> Hi, Jason:
> 
> On Fri, 2023-04-07 at 14:46 +0800, Jason-JH.Lin wrote:
> > Null-checking state suggests that it may be null, but it has
> > already
> > been dereferenced on drm_atomic_get_new_plane_state(state, plane).
> > 
> > The parameter state will never be NULL currently, so just remove
> > the
> > state is NULL flow in this function.
> > 
> > Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
> > Fixes: 5ddb0bd4ddc3 ("drm/atomic: Pass the full state to planes
> > async
> > atomic check and update")
> > ---
> >  drivers/gpu/drm/mediatek/mtk_drm_plane.c | 9 ++-------
> >  1 file changed, 2 insertions(+), 7 deletions(-)
> > 
> > diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> > b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> > index a1337f386bbf..e14b2920d242 100644
> > --- a/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> > +++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
> > @@ -103,8 +103,7 @@ static void mtk_drm_plane_destroy_state(struct
> > drm_plane *plane,
> >  static int mtk_plane_atomic_async_check(struct drm_plane *plane,
> >  					struct drm_atomic_state *state)
> >  {
> > -	struct drm_plane_state *new_plane_state =
> > drm_atomic_get_new_plane_state(state,
> > -									
> > 	 plane);
> > +	struct drm_plane_state *new_plane_state =
> > drm_atomic_get_new_plane_state(state, plane);
> 
> This is not related to this patch, so move to another patch.
> 
> Regards,
> CK

OK, I'll drop the modification here.

Regards,
Jason-JH.Lin
> 
> >  	struct drm_crtc_state *crtc_state;
> >  	int ret;
> >  
> > @@ -122,11 +121,7 @@ static int mtk_plane_atomic_async_check(struct
> > drm_plane *plane,
> >  	if (ret)
> >  		return ret;
> >  
> > -	if (state)
> > -		crtc_state = drm_atomic_get_existing_crtc_state(state,
> > -								new_pla
> > ne_state->crtc);
> > -	else /* Special case for asynchronous cursor updates. */
> > -		crtc_state = new_plane_state->crtc->state;
> > +	crtc_state = drm_atomic_get_existing_crtc_state(state,
> > new_plane_state->crtc);
> >  
> >  	return drm_atomic_helper_check_plane_state(plane->state,
> > crtc_state,
> >  						   DRM_PLANE_NO_SCALING
> > ,
diff mbox series

Patch

diff --git a/drivers/gpu/drm/mediatek/mtk_drm_plane.c b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
index a1337f386bbf..e14b2920d242 100644
--- a/drivers/gpu/drm/mediatek/mtk_drm_plane.c
+++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
@@ -103,8 +103,7 @@  static void mtk_drm_plane_destroy_state(struct drm_plane *plane,
 static int mtk_plane_atomic_async_check(struct drm_plane *plane,
 					struct drm_atomic_state *state)
 {
-	struct drm_plane_state *new_plane_state = drm_atomic_get_new_plane_state(state,
-										 plane);
+	struct drm_plane_state *new_plane_state = drm_atomic_get_new_plane_state(state, plane);
 	struct drm_crtc_state *crtc_state;
 	int ret;
 
@@ -122,11 +121,7 @@  static int mtk_plane_atomic_async_check(struct drm_plane *plane,
 	if (ret)
 		return ret;
 
-	if (state)
-		crtc_state = drm_atomic_get_existing_crtc_state(state,
-								new_plane_state->crtc);
-	else /* Special case for asynchronous cursor updates. */
-		crtc_state = new_plane_state->crtc->state;
+	crtc_state = drm_atomic_get_existing_crtc_state(state, new_plane_state->crtc);
 
 	return drm_atomic_helper_check_plane_state(plane->state, crtc_state,
 						   DRM_PLANE_NO_SCALING,